Imagine my surprise when I received a note from a fellow on the same server one lovely morning. One of my players was accused of stealing loot from a different guild’s bank and before promptly quitting. The accused’s alt just helped themselves to various items. I’m not actually sure what items were taken or what the full value was.

Most GMs are bound to deal with guild bank thefts at some point in their careers. Either their bank gets stuff stolen from or a different guild’s bank gets raided (via alts) and they’re left dealing with the offenders.

In a fair number of cases, the accused would’ve simply been kicked out. And I’ll be the first to admit, it’s the easiest solution. You kick the player and your hands are washed of having to deal with them ever again. Your guild’s reputation is left (relatively) intact.

I responded back to the accuser saying that I’d look into it. But this is a player I didn’t have much interaction with as they were on our PvP roster. In the end, I notified my PvP team leader about this because the player was under their division.

“One of our players was accused of this. Any ideas about them? Here’s the guild they were in and here’s the character of the accuser.”

What happened?

Apparently, it was a misunderstanding. Our guy mistakenly took things that they weren’t supposed to thinking that it was open and free to anyone. They returned the goods (and compensated accordingly). As it’s their first time offense, I have to assume that there was no malicious intent (and there’s no evidence to show that there was).

As the player

Before taking stuff, ask.

Or at least, check around and see if there’s a banking policy. There may be certain limitations based on ranks. Sometimes the GM makes a mistake and places you in the wrong rank and you’re not actually supposed to be entitled to certain tabs. If you have access to rare items like enchants, recipes, or other craftables, it’s a good idea to check with someone higher up before helping yourself to it.

As the GM

Lock down your stuff.

Check the permissions.

Check the rank access of the permissions.

Make sure the right people have access to the right tabs. You have a responsibility to ensure that. It’s noble to assume the best out of everyone but it’s also quite foolish to leave the door to the vault wide open and expect it to be respected. Have your bank rules outlined somewhere on your guild website or your forums. Go over the ground rules with all new recruits with regards to withdrawal policies.

Speaking of banking stuff, which one of you left these stacks of Wool Cloth and Volatile Earth’s in my guild bank?

So, Vaneras over on the EU forums just informed us that Real ID will be making an appearance on the forums. Needless to say there is a slew of comments slinging around about this. Some people love it, some people hate it. Some say it will be the new life of the forums while others think that this marks their imminent death. So I thought it would be good to talk about it a little bit here.

First off, lets talk about the current state of the forums. There are some good threads there. There are some helpful guides and bits of information. But for each helpful bit there is a counterpart. People that just show up to cause issues, scream drama and pick Internet fights. I know a lot of people personally who avoid the forums just to avoid those specific people. This is a sad thing though, as the forums are set up to help build the community and not to be a source of drama or argument. On a personal level I hate having to weed through 15,000 posts of people complaining to get to the 1 that has a valid point in a discussion. This is obviously an exaggeration, but you get the idea.

Let’s face it, the Internet is a place where people can hide behind a fake name and say and do whatever they want with little to no recourse. This can be simple complaining out outright just being an ass-hat. This Internet anonymity is what Blizzard is trying to take away I think. How many times have they posted a proposed class change only to have intelligent well thought out responses from posters get drowned out by the wailing masses? How many times has a person asked for advices on gear or spec or spell priority only to be called a noob for pages on end? It happens, trust me I know. So I can see what Blizzard is trying to do here, by eliminating the ability to hide behind a character name, that person is held accountable for what they said or do.

Quick story here. I know a guy who in real life is one of the kindest people I’ve ever met. Intelligent, well spoken and would give you the shirt off his back. When he logs into game or on the forums however, he does a complete 180. He yells at people, argues incessantly, turns into a complete womanizing bigot and has a completely abrasive personality. This sounds extreme but it is a lot more common than you think. When you don’t have to be held accountable in real life for your actions, the rules change. The Blizzard forums have been plagued by this from day 1.

By adding this level of accountability Blizzard I’m sure is hoping to cut down on the forum slop by discouraging the trolls from posting, and making people think twice about just posting empty whining.

There is however another side to this coin. There are a ton of people who try very hard to separate their real life from their game life. They post helpful guides to trade-skills, or how to level efficiently on the forums for general reading. They offer insight to class changes and constructive criticism when people ask for help. This group of people also has something to lose by this change going live, as does the community in general if they stop posting. Some people like the anonymity of their toons as a way to just separate their lives into distinct parts. If they stop posting because of this change, that will be very sad indeed.

Some are concerned for their safety. They fear stalkers and real life harassment and fallout from the forums following them into real life. As a person who has worked in internet security for a long time, I can tell you the chances of this are pretty slim. A persons name alone does not provide a ton of information. It does not for example provide your address and township. Your internet providers work very hard to keep that information private as do most websites, banks etc. It is in Blizzards best intrest as well to keep this information private, and so far they have done a pretty good job of it. Unless you have a one of a kind name and are publicly listed in an international phone book or public websites with your pertinent information, the chances aren’t too great that your name will give up enough information about you to harass you outside of your online personae. I understand the concern there, it is a valid reason for being against the change. But it can be rather difficult to find someone .

Another argument is that this goes against the originally stated purpose of Real ID. It was toted as an optional, convenient way to keep track of your friends across servers and even games. Some people feel that being forced to use it to interact on the forums violates this and removes the “optional” portion of the feature. This is a valid argument as there is no way to circumvent this at current.

There are also those of us that this has absolutely zero effect on. Those of us that already live in the public eye and have our names out there will see no change in how we do business essentially. Me personally, doesn’t phase me one bit. My name is out there from the For the Lore podcast and WoW.com. Having my real name show up on the forums isn’t a big deal at this point. I also have the good fortune to have a name that is not exactly unique. Joseph Perez is the Steve Smith of Hispanic names. Try looking it up in the phone book sometimes, it is rather hilarious.

Here are some facts to remember about this

This will only affect the new forums created when SC2 and Cataclysm launch. Old forums and old posts will remain untouched (for now, hopefully this won’t become retroactive)

Blue Posters are not immune to this, and will also be showing their real first and last names

Having your name does not compromise your account security. Email, password (and hopefully you’re using an authenticator) are what let people in. Even if you call Blizzard customer support and say you are “so and so” you have to provide a LOT of proof of identity.

So what do you think? Do you love it? Do you hate it? Will it be a new beginning for the Blizzard forums or will it mark its death?

UPDATE

Let me clarify something real fast. While the change doesn’t affect me personally I still do NOT like it. I understand what they are trying to do with it, but I don’t think it was thought out enough. On facebook I can go silent, I can turn off chat and no one has to know I’m on. I can hide details like my email, phone number and location, and if I so choose I can change my name on the account. Here we don’t have the option. I do NOT like the idea that choice is being taken away from the gamers. We choose to play this game and who to interact with. Why do we not have a choice in this? I think that the overwhelming response people are having to this is a good thing and hopefully Blizzard will see it and make some changes. But again, I am NOT for this change, but I don’t think it needs to be attacked with nukes instead of calm rational discussion. It is a lot easier for people (i.e. Blizzard) to dismiss an over the top emotional response to this (which don’t get me wrong, it’s a perfectly valid response from us as users to be passionate about this change) as opposed to when people calmly lay down why they don’t agree with it. That’s all.

I forgot I had this post sitting in my drafts. It was written a few weeks ago. Here it is now with an important message to guild masters everywhere.

It was a warm and breezy Tuesday. Raid invites had been sent out. ItÃ¢â‚¬â„¢s the grace period where players are busy wrapping up their affairs and getting prepped for the raid. I slammed down a Coke because I had a feeling it was going to be one of those nights. Groups were organized during the preparation period with players specifically assigned to their vehicles and their roles.

Quick work. Next!

After toasting Flame Leviathan, the pull was set up for Razorscale. A quick countdown ensued and the Dwarven expedition team began placing their Dwarven engineering skills at work charged with getting harpoon turrets up quickly.

This is where the fun happened.

A level 1 Gnome Rogue messaged me.

Ã¢â‚¬Å“hey, its maddawg. can i get a ginvite?Ã¢â‚¬Â

Ã¢â‚¬Å“Standby. Doing Razor.Ã¢â‚¬Â

Ã¢â‚¬Å“o, ok.Ã¢â‚¬Â

A few minutes later, we wrecked him and started opening up on Ignis trash.

Ã¢â‚¬Å“you guys all done in there?Ã¢â‚¬Â

Ã¢â‚¬Å“Yeah, Razor down. Hop on vent for a sec, need to ask you something.Ã¢â‚¬Â

Ã¢â‚¬Å“sry cant. at a friends house right now.Ã¢â‚¬Â

I thought nothing of it and wired out the invite.

Of course, when you give an inchÃ¢â‚¬Â¦

Ã¢â‚¬Å“hey, can i get promoted to officer? need to organize some stuff for the bank.Ã¢â‚¬Â

This was followed by one of the swiftest guild kicks in the history of guild kickingness.

The vault of Conquest would not be breached today! We had around 22000 gold. That amount is just in hard currency and in the main bank (Offshore guild bank accounts? I wouldnÃ¢â‚¬â„¢t be that paranoid. Right?) Including various raiding materials such as flasks, enchants, gems, and other things, the amount would have been colossal. It would have been enough to request a bailout anyway.

So what gave it away?

In one of the most failed social engineering tactics of this century, the Maddawg impersonator made several mistakes. More importantly, I had various defenses in place to protect against such infiltration.

Bad target

He didnÃ¢â‚¬â„¢t exactly pick the most ideal target. I am perhaps the most paranoid guild master on the planet. That would be a result of Criminology program IÃ¢â‚¬â„¢m enrolled in.

Restricted bank access

Freshly invited players do not get access to the bank. They can see everything but they canÃ¢â‚¬â„¢t withdraw out of it. No cash, no flasks, and not even a single grey item can be pulled out without an officer signing off on it.

Authentication fail

The first warning sign I received was when he said he was unable to get on vent. Yeah sure thereÃ¢â‚¬â„¢s a multitude of reasons for that. Policy is still policy. I get instantly suspicious if I donÃ¢â‚¬â„¢t hear a player asking for an invite.

Officer alt policy

No alts of any of the leadership including myself are promoted past a social rank for any reason. They are all aware of this and they agreed to it.

What was even funnier was just minutes ago Maddawg had said he was going to head out and to not expect to see him on for the rest of the evening. He wasnÃ¢â‚¬â„¢t able to raid that night.

I’d like to take a moment and talk about account security with you. Recently instances of key loggers, dictionary hacks and the like related to WoW account jacking have been popping up more and more (my guild felt the bite of this a bit ago but has since recovered the pilfered goods). I work for a major ISP so account security is a topic I deal with daily. I posted something for my guild regarding this topic and would like to share it with you guys as well.

Lodur’s Tips to avoiding compromising your account

Always make sure your anti-virus is up-to-date. Often, anti-virus programs will only update on specific days (Norton, for example, updates on Sundays). However, throughout the week, there may be updates it’s not grabbing by default. One suggestion would be to go into your anti-virus’ Preferences and have it check for updates daily. It will normally let you specify a time, so pick one when you aren’t likely to be raiding

Make sure that anti-virus autoprotect is enabled. A commonly seen problem is that users have an anti-virus that’s up-to-date, but don’t have autoprotect or real time protection enabled. This setting can normally be found under the Preferences for the program. Enabling it allows it to scan downloaded files, files being transferred and data transmissions in real-time.

Passwords, Passwords, Passwords. The most common way into someone’s information, e-mail, accounts, and even computers. A good password follows a few simple rules. DO NOT use the following passwords.

(username)

(username)123

123456

password

1234

12345

passwd

123

test

1

Monkey

letmein

qwerty

password1

These are the most commonly used passwords, poled from a sample of several thousand people worldwide. Don’t use any of them. Also, try not to use just a word. Dictionary hacks run your password against a database of all words it can possibly find. This is called a ‘brute force’ attack. For example, if your password is “bananas”, chances are that someone with a dictionary hack will rip right through it. It’s best to include special characters and numbers; here is where “leet speak” comes in handy. For example, “S1mpl3” is better then “simple”. A recent rule of thumb is to make it 8 characters long or more. The longer it is, the more likely someone will get bored of trying to force it and move on. Overall, pick something difficult to guess, avoid choosing from the top 14 list, and add in some numbers throughout the password and not just at the end of it. While brute force attacks usually work, given enough time, using these tips can change the time it takes to discover your password from a few hours to a few YEARS.

Be careful with your addons. When downloading addons for WoW, check the folders after they’re unzipped. They should never have any files with a .exe suffix on the end. If they do, delete the mod immediately. It’s important to be aware that many mod sites have had issues with corrupted files being uploaded to their servers, infecting people that download those mods. Also, scan for viruses and spyware after installing new mods to make sure that they are clean.

If you have a Battle.net account or have recently upgraded to said account type, do not use the same password as the email address you chose as your user name. You may laugh but a lot of people do this!

If you can get an Authenticator! Get a FOB from the Blizzard Store ($6.50 US) of if you have an iPhone or iPod get the mobile authenticator from the App store (It’s Free!!). It works wonderfully. It’s incredibly easy to set up under your account management. The FOB generates a 6 digit code, the mobile authenticator generates an 8 digit one. The code is hosted on a server utilizing base-line encryption and various other methods to keep the masses out so you don’t have to worry about someone “guessing the next number” by far this is one of the absolute best things you can do to help keep your account secure.

Till next time, Happy Healing.
~Lodur

As always feel free to follow on twitter http://twitter.com/LodurZJ And don’t be afraid to ask questions using direct message there or the contact form here on the site!

Epic

About me

My name is Matticus and this is my World of Warcraft blog. Here you can read about my thoughts regarding healing as a priest. As a former guild master, I also write about guild and raid related topics. The blog has expanded to include thoughts from other regular contributors. The aim of this blog is to help you grow and improve. My unending goal is to have something relevant and useful in every post. or more, you can check out my columns on Blizzard Watch. Visit theGuildmasters to talk shop with other GMs, raid leaders, and officers. My current guild is on Kel'Thuzad US.